baker7 Posted October 4, 2006 Report Share Posted October 4, 2006 Hello There:Brian here: I have a problem with my machine (Emmanuel) Something was downloaded yesterday that I think was Vcodic. I ran ewido twice, had 7 infections, and cleaned them. Then ran spybot and cleaned the junk out there, and then ran adaware. I found 1 entry for a w32.trojan.downloader, but cant remember what it was. I deleted this one.Now, I still have a question mark with a red circle flashing in the system tray - how the heck can I get rid of this when subsequent scans seem negative?Here is my HJT LOG:------------------------------EMMANUEL HJT LOG------------------------------Logfile of HijackThis v1.99.1Scan saved at 6:37:09 AM, on 10/4/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\RealVNC\WinVNC\WinVNC.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXEC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exeC:\WINDOWS\system32\wwSecure.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXEC:\Program Files\SlySoft\CloneCD\CloneCDTray.exeC:\Program Files\GIANT Company Software\Spam Inspector\siService.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exeC:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\WINDOWS\system32\hphmon03.exeC:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Webroot\Washer\wwDisp.exeC:\WINDOWS\system32\HPHipm09.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\buddy\My Documents\PROGRAMS_ZIPFILES\HIJACK_THIS_199\HIJACK_THIS_199.1\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blankR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file)R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /sO4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /sO4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exeO4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exeO4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelperO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130202912552O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dllO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exeO23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exeO23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exeO23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.execould someone please help me get this thing outta the system tray??ThanksBrian Link to post Share on other sites
therock247uk Posted October 4, 2006 Report Share Posted October 4, 2006 Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm Link to post Share on other sites
baker7 Posted October 4, 2006 Author Report Share Posted October 4, 2006 (edited) Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htmTherock247uk:Thanks for the reply: Here is that log:-------------------BEGIN LOG-------------------SmitFraudFix v2.104Scan done at 11:49:38.08, Wed 10/04/2006Run from C:\Documents and Settings\buddy\Desktop\SmitfraudFix\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTFix run in normal mode»»»»»»»»»»»»»»»»»»»»»»»» C:\C:\secure32.html FOUND !»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWSC:\WINDOWS\secure32.html FOUND !»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32C:\WINDOWS\system32\gqagksr.dll FOUND !C:\WINDOWS\system32\ot.ico FOUND !C:\WINDOWS\system32\reger.exe FOUND !C:\WINDOWS\system32\winsrv32.exe FOUND !»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\buddy»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\buddy\Application Data»»»»»»»»»»»»»»»»»»»»»»»» Start MenuC:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\buddy\FAVORI~1C:\DOCUME~1\buddy\FAVORI~1\Antivirus Test Online.url FOUND !»»»»»»»»»»»»»»»»»»»»»»»» Desktop»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\paytime.exe FOUND !C:\Program Files\VideosCodec\ FOUND !»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]"Source"="About:Home""SubscribedURL"="About:Home""FriendlyName"="My Current Home Page"»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]@="C:\WINDOWS\system32\gqagksr.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]@="C:\WINDOWS\system32\gqagksr.dll"»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs!!!Attention, following keys are not inevitably infected!!![HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=""»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection»»»»»»»»»»»»»»»»»»»»»»»» End------------------END LOG------------------I posted the HJT log and then started looking at the web to see if I could locate some clue that I was infected: The clue was the file "gqagksr.dll" which is listed in my log above in lineO21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dllI await further instructions Brian Edited October 4, 2006 by baker7 Link to post Share on other sites
therock247uk Posted October 4, 2006 Report Share Posted October 4, 2006 You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.The report can also be found at the root of the system drive, usually at C:\rapport.txtWarning : running option #2 on a non infected computer will remove your Desktop background. Link to post Share on other sites
baker7 Posted October 4, 2006 Author Report Share Posted October 4, 2006 Working.........will post results upon completion Brian Link to post Share on other sites
therock247uk Posted October 4, 2006 Report Share Posted October 4, 2006 Ok. Link to post Share on other sites
baker7 Posted October 4, 2006 Author Report Share Posted October 4, 2006 Here is that log:SmitFraudFix v2.104Scan done at 12:22:42.24, Wed 10/04/2006Run from C:\Documents and Settings\buddy\Desktop\SmitfraudFix\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTFix run in safe mode»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]@="C:\WINDOWS\system32\gqagksr.dll"[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]@="C:\WINDOWS\system32\gqagksr.dll"»»»»»»»»»»»»»»»»»»»»»»»» Killing process»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos FixGenericRenosFix by S!RiC:\WINDOWS\system32\gqagksr.dll -> Hoax.Win32.Renos.gen.eC:\WINDOWS\system32\gqagksr.dll -> Deleted»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected filesC:\secure32.html DeletedC:\WINDOWS\secure32.html DeletedC:\WINDOWS\system32\ot.ico DeletedC:\WINDOWS\system32\reger.exe DeletedC:\DOCUME~1\buddy\FAVORI~1\Antivirus Test Online.url DeletedC:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url DeletedC:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url DeletedC:\Program Files\paytime.exe DeletedC:\Program Files\VideosCodec\ Deleted»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files»»»»»»»»»»»»»»»»»»»»»»»» Registry CleaningRegistry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll»»»»»»»»»»»»»»»»»»»»»»»» RebootC:\WINDOWS\system32\winsrv32.exe Deleted »»»»»»»»»»»»»»»»»»»»»»»» EndI await further instructionsBrian Link to post Share on other sites
therock247uk Posted October 4, 2006 Report Share Posted October 4, 2006 Ok post a new Hijackthis log here in a reply. Link to post Share on other sites
baker7 Posted October 4, 2006 Author Report Share Posted October 4, 2006 Here is that log:--------------------------------------BEGIN LOG--------------------------------------Logfile of HijackThis v1.99.1Scan saved at 3:04:28 PM, on 10/4/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXEC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exeC:\WINDOWS\system32\wwSecure.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exeC:\WINDOWS\LTMSG.exeC:\Program Files\SlySoft\CloneCD\CloneCDTray.exeC:\Program Files\GIANT Company Software\Spam Inspector\siService.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exeC:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exeC:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\WINDOWS\system32\hphmon03.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exeC:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exeC:\WINDOWS\system32\HPHipm09.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Webroot\Washer\wwDisp.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\Microsoft Office\Office\OUTLOOK.EXEC:\Program Files\GIANT Company Software\Spam Inspector\siMain.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\buddy\My Documents\PROGRAMS_ZIPFILES\HIJACK_THIS_199\HIJACK_THIS_199.1\hijackthis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file)R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /sO4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /sO4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exeO4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exeO4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelperO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130202912552O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exeO23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exeO23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exeO23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe-----------------END LOG-----------------I await your reply Brian Link to post Share on other sites
therock247uk Posted October 4, 2006 Report Share Posted October 4, 2006 Please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.Please go HERE to run Panda's ActiveScanOnce you are on the Panda site click the Scan your PC buttonA new window will open...click the Check Now buttonEnter your CountryEnter your State/ProvinceEnter your e-mail address and click sendSelect either Home User or CompanyClick the big Scan Now buttonIf it wants to install an ActiveX component allow itIt will start downloading the files it requires for the scan (Note: It may take a couple of minutes)When download is complete, click on My Computer to start the scanWhen the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report Link to post Share on other sites
baker7 Posted October 5, 2006 Author Report Share Posted October 5, 2006 Therock247uk:Scanning is in progress........may take a while: will let you know whats up in the morning: so far I have about 4 Spyware, and 2 hacking tools: she locked up on me earlier so I had to restart her Brian Link to post Share on other sites
therock247uk Posted October 5, 2006 Report Share Posted October 5, 2006 Ok. Link to post Share on other sites
baker7 Posted October 5, 2006 Author Report Share Posted October 5, 2006 Here are the activescan results:Incident Status Location Adware:adware/azesearch Not disinfected c:\windows\system32\azebar.xml Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\buddy\Desktop\SmitfraudFix\SmitfraudFix\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\buddy\Desktop\SmitfraudFix.zip[smitfraudFix/Process.exe] Adware:Adware/AzeSearch Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\5B706111-B58D-4C22-A259-F76BBB\10C2A5FA-E975-4E15-A816-8AD608 Adware:Adware/SpyFalcon Not disinfected C:\WINDOWS\Downloaded Program Files\eCodec-v4.287.exe Adware:Adware/AdwareSheriff Not disinfected C:\WINDOWS\rfscanax.dll I'll await your response before proceeding Brian Link to post Share on other sites
therock247uk Posted October 5, 2006 Report Share Posted October 5, 2006 Please download the Killbox by Option^Explicit.Note: In the event you already have Killbox, this is a new version that I need you to download. Save it to your desktop. Please double-click Killbox.exe to run it. Select: Delete on Reboot then Click on the All Files button.[*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):c:\windows\system32\azebar.xmlC:\WINDOWS\Downloaded Program Files\eCodec-v4.287.exeC:\WINDOWS\rfscanax.dll[*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.[*]Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).If your computer does not restart automatically, please restart it manually.If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.Then post a new Hijackthis log here in a reply. Link to post Share on other sites
baker7 Posted October 5, 2006 Author Report Share Posted October 5, 2006 (edited) therock247uk:question:how do you click all of these files that you told me to when even with 'all files' button pressed, it seems to only delete one of them at a time each reboot?It seems that you would have to go 1 at a time, because it doesnt allow you to put them all into killboxes file dialog box?? can you do these things one at a time??Take a look at my next log from Killbox: seems like I did delete the files requestedBrian Edited October 5, 2006 by baker7 Link to post Share on other sites
therock247uk Posted October 5, 2006 Report Share Posted October 5, 2006 If you copy all of the file names and in killbox go to the File menu, and choose Paste from Clipboard it should do them all when you click the all files button... Link to post Share on other sites
baker7 Posted October 5, 2006 Author Report Share Posted October 5, 2006 Pocket Killbox version 2.0.0.881Running on Windows XP as buddy(Administrator)was started @ Thursday, October 05, 2006, 9:50 AM# 1 [Delete on Reboot]Path = c:\windows\system32\azebar.xml# 2 [Delete on Reboot]Path = C:\WINDOWS\Downloaded Program Files\eCodec-v4.287.exe# 3 [Delete on Reboot]Path = C:\WINDOWS\rfscanax.dll# 4 [Delete on Reboot]Path = C:\WINDOWS\Downloaded Program Files\eCodec-v4.287.exe# 5 [Delete on Reboot]Path = C:\WINDOWS\rfscanax.dllI Rebooted @ 9:57:28 AM# 6 [Delete on Reboot]Path = C:\WINDOWS\rfscanax.dllI Rebooted @ 9:59:00 AMKillbox Closed(Exit) @ 9:59:54 AMI await your further instructions....Brian Link to post Share on other sites
baker7 Posted October 5, 2006 Author Report Share Posted October 5, 2006 If you copy all of the file names and in killbox go to the File menu, and choose Paste from Clipboard it should do them all when you click the all files button...Thanks Done: Log is in Thread Above Hopefully will be able to clear all the junk Machine is slow for some reason - gotta clear some system tray itemsBrian Link to post Share on other sites
therock247uk Posted October 5, 2006 Report Share Posted October 5, 2006 Ok post a new Hijackthis log here in a reply. Link to post Share on other sites
baker7 Posted October 5, 2006 Author Report Share Posted October 5, 2006 (edited) Therock247uk:Here is the new HJT log----------------BEGIN LOG----------------Logfile of HijackThis v1.99.1Scan saved at 11:48:29 AM, on 10/5/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\RealVNC\WinVNC\WinVNC.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exeC:\WINDOWS\system32\wwSecure.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exeC:\WINDOWS\LTMSG.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXEC:\Program Files\SlySoft\CloneCD\CloneCDTray.exeC:\Program Files\GIANT Company Software\Spam Inspector\siService.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\WINDOWS\system32\hphmon03.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\HPHipm09.exeC:\Program Files\Webroot\Washer\wwDisp.exeC:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exeC:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXEC:\Program Files\Microsoft Office\Office\OUTLOOK.EXEC:\Program Files\GIANT Company Software\Spam Inspector\siMain.exeC:\Documents and Settings\buddy\My Documents\PROGRAMS_ZIPFILES\HIJACK_THIS_199\HIJACK_THIS_199.1\hijackthis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file)R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /sO4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /sO4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exeO4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exeO4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelperO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130202912552O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exeO23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exeO23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exeO23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe-----------------END LOG--------------I will await your reply before I proceed Thanks,Brian Edited October 5, 2006 by baker7 Link to post Share on other sites
therock247uk Posted October 5, 2006 Report Share Posted October 5, 2006 Open Hijackthis and click scan. Then check mark the following entriesR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file)R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)Now close all open windows except Hijackthis and click fix checkedThen post a new Hijackthis log here in a reply. Link to post Share on other sites
baker7 Posted October 6, 2006 Author Report Share Posted October 6, 2006 (edited) therock247uk:Here is that post fix HJT log you requested:-------------BEGIN LOG-------------Logfile of HijackThis v1.99.0Scan saved at 8:35:15 AM, on 10/6/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXEC:\Program Files\RealVNC\WinVNC\WinVNC.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exeC:\WINDOWS\system32\wwSecure.exeC:\WINDOWS\LTMSG.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXEC:\Program Files\SlySoft\CloneCD\CloneCDTray.exeC:\Program Files\GIANT Company Software\Spam Inspector\siService.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\WINDOWS\system32\hphmon03.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Webroot\Washer\wwDisp.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exeC:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exeC:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Documents and Settings\buddy\My Documents\PROGRAMS_ZIPFILES\HIJACK_THIS_199\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /sO4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /sO4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exeO4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exeO4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelperO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130202912552O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exeO23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exeO23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exeO23 - Service: VNC Server - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exeO23 - Service: WUSB54Gv4SVC - Unknown - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)O23 - Service: Washer AutoComplete - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe-END :PLogfile of HijackThis v1.99.0Scan saved at 8:35:15 AM, on 10/6/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXEC:\Program Files\RealVNC\WinVNC\WinVNC.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exeC:\WINDOWS\system32\wwSecure.exeC:\WINDOWS\LTMSG.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXEC:\Program Files\SlySoft\CloneCD\CloneCDTray.exeC:\Program Files\GIANT Company Software\Spam Inspector\siService.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\WINDOWS\system32\hphmon03.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Webroot\Washer\wwDisp.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exeC:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exeC:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Documents and Settings\buddy\My Documents\PROGRAMS_ZIPFILES\HIJACK_THIS_199\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /sO4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /sO4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exeO4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exeO4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelperO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130202912552O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exeO23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exeO23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exeO23 - Service: VNC Server - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exeO23 - Service: WUSB54Gv4SVC - Unknown - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)O23 - Service: Washer AutoComplete - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe----------------END LOG--------------I await further instructions Brian Edited October 11, 2006 by baker7 Link to post Share on other sites
therock247uk Posted October 6, 2006 Report Share Posted October 6, 2006 Your log is clean.Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:Detect and Remove Programs:How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.Prevention Programs: Spywareblaster <= SpywareBlaster will prevent spyware from being installed.Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computerGoogle Toolbar <= Get the free google toolbar to help stop pop up windows.I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.Other necessary Programs: AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.Firewall<= A firewall is definatley a must have. Three good free versions are Kerio, Sygate and ZoneLabs. Link to post Share on other sites
baker7 Posted October 11, 2006 Author Report Share Posted October 11, 2006 (edited) Your log is clean.Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:Detect and Remove Programs:How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.Prevention Programs: Spywareblaster <= SpywareBlaster will prevent spyware from being installed.Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computerGoogle Toolbar <= Get the free google toolbar to help stop pop up windows.I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.Other necessary Programs: AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.Firewall<= A firewall is definatley a must have. Three good free versions are Kerio, Sygate and ZoneLabs.therock247uk:I want to thank you for your assistance in heping me to clear Emmanuel of this mess. I will take the recommended programs under advisement. You guys and gals are wonderful over here You may close this topic if you wish Brian Edited October 11, 2006 by baker7 Link to post Share on other sites
therock247uk Posted October 11, 2006 Report Share Posted October 11, 2006 Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. Link to post Share on other sites
Recommended Posts